12 matches found
EUVD-2021-1015
Malware in sbrugna...
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to cross-site scripting. The storetreeAction function in ClassificationstoreController.php does not properly escape the user input name field, allowing an attacker to access the user's session cookie through the input payload...
SQL injection in pimcore/pimcore
This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of a check on the storeId parameter in the collectionsActionGet and groupsActionGet methods within the ClassificationstoreController class...
pimcore SQL Injection Vulnerability (CNVD-2021-50182)
Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, an e-commerce framework and product information management applications. An SQL injection vulnerability exists in pimcor...
CVE-2021-23405
This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of a check on the storeId parameter in the collectionsActionGet and groupsActionGet methods within the ClassificationstoreController class...
CVE-2021-23405
This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of a check on the storeId parameter in the collectionsActionGet and groupsActionGet methods within the ClassificationstoreController class...
Design/Logic Flaw
This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of a check on the storeId parameter in the collectionsActionGet and groupsActionGet methods within the ClassificationstoreController class...
SQL Injection
Overview: pimcore/pimcore is a content & product management framework (CMS/PIM/E-Commerce). Affected versions of this package are vulnerable to SQL Injection. This issue exists due to the absence of a check on the storeId parameter in the collectionsActionGet and groupsActionGet methods within t...
SQL Injection
pimcore is vulnerable to SQL injection. An attacker is able to inject and execute arbitrary SQL statements on the database via the data classification functionality in ClassificationstoreController, due to inadequate validation of the relationIds parameter...
CVE-2020-7759
The package pimcore/pimcore from 6.7.2 and before 6.8.3 is vulnerable to SQL Injection in the data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request:...
SQL injection
The package pimcore/pimcore from 6.7.2 and before 6.8.3 is vulnerable to SQL Injection in the data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request:...
CVE-2020-7759 SQL Injection
The package pimcore/pimcore from 6.7.2 and before 6.8.3 is vulnerable to SQL Injection in the data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request:...